Home
Threat Intelligence Posts

Fappy Ransomware Threat Intel Advisory

CloudSEK Threat Intelligence Advisory on file-locking trojan Fappy spread via phishing campaigns, untrustworthy download sources, etc.
Updated on
February 27, 2023
Published on
September 18, 2020
Read time
5
Subscribe to the latest industry news, technologies and resources.
Fappy is a ransomware-type malicious program, mapped as part of Hidden Tear ransomware family (open-source ransomware trojan that targets computers running Microsoft Windows). Fappy is quite recent and was spotted in September of 2020. Fappy is primarily spread via phishing campaigns, illegal activation tools, illegitimate updaters, and untrustworthy download sources. It was created to encrypt data after which the operators demand ransom for the decryption, as a result of which fappy is also known as the file-locking ransomware.  During the encryption process, all infected files are renamed with the ".Fappy" extension. For instance, a file named "one[.]jpg" is encrypted as "one[.]jpg[.]Fappy," as soon as it is infected by the virus. The operators demand 11.76 USD in BTC (0.00117 BTC), to unlock the files; the victims are also instructed to send proof of transfer.  [caption id="attachment_8156" align="aligncenter" width="342"]Fig1. Fappy ransomware's text file Fig1. Fappy ransomware's text file[/caption] Attackers send deceptive, phishing emails with words such as ‘official’, ‘urgent’, ‘important’ to create a sense of urgency and to invoke panic.[/vc_wp_text][vc_wp_text]

Impact

The ransom that Fappy operators demand is a mere 11.76 USD which suggests that their target is not corporate giants but common people, which only makes it worse. This gives them leverage to expand their campaign on a massive scale.

IOCs/ Hashes

  1. Encrypted Files Extension- [.]Fappy
  2. Ransom Demanding Message- HOW TO DECRYPT FILES.txt
  3. Cyber Criminal Contact- fappism@opentrash.com
  4. MD5- 5e5cf87c2bd6c75b9bd1bf328250bc1e
  5. SHA1- 1e46359929051753bae257cafca9c5410e90f35d
  6. SHA256- 326caf2ef865e7354c7efb26d1f224ecc0176e074d99a734d40f8a0a39056201
  7. SSDEEP- 12288:5ei1y+QPehnIYkuDUreNuEpsOV1n60tct:Ei1XK8DLhubO31c

Preventive Measures

  1. Do not open suspicious emails.
  2. Use spam filters and antivirus programmes to detect and filter bad emails.
  3. Enable an endpoint security product or endpoint protection suite.
  4. Keep your software up-to-date.
  5. Back up data on a regular basis and keep archived copies offsite and offline.
  6. User privilege escalation should be strong; permit access privileges only to the admin.
  7. Do not install applications from unknown sources.

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Related Intelligence Posts
No items found.